Towards Developing an Attacker Exploiting Artificial

Download Report

Transcript Towards Developing an Attacker Exploiting Artificial

SmartAttacker: Towards Developing an
Attacker Exploiting Artificial Intelligence
Raju Ahmed Shetu
Email: [email protected]
Background & Motivation
•
The most prominent web attacks are generally
of the following five types:
1.
2.
3.
4.
5.
•
Remote Code Execution
SQL Injection
Cross-Site Scripting
Format String Vulnerabilities
Username Enumeration
•
•
All of these attacks mostly focus on only one
aspect of the system, and thus, limits their
success rate.
̵
•
Related Work
•
Human intervention is needed to enhance the
success attack rate combining the attacks.
Augmenting an automated attacker with artificial
intelligence can lead towards the next step of
enhancing the success attack rate.
Approach to Our Study
Target
system
Work Done So Far
•
Penetration
testing
Get data
•
SmartAttacker is divided into two modules 1. Information Gathering Module, and
2. Intelligent Attacker Module.
Information Gathering Module is completed so
far. It captures aliveness, route information, and
port vulnerabilities.
Identify
individual
vulnerabilities
Attack target
with new
scenario
Success
attack
probability >
Desired value
Yes
•
Traditional web attacks are mostly done by
botnets, which can initiate various kinds of attacks
such as DDoS attack, ClickFraud, Spyware, E-mail
Spamming, Adware, Fast Flux, etc. [1]
Botnets are controlled by Botnet originator known
as “Bot Herder” or “Bot Master”, which can control
a group of botnets through Internet relay chat
channel via Command & Control (C&C) server [3].
Experienced Bot Operator programs the command
protocol from scratch that includes server program,
client for operation, and the program that embeds
the client to victim’s computer [2].
To the best of our knowledge, no bot is intelligent
enough to determine an attack plan on its own.
̵
Aliveness is assessed through Ping statistics.
Generate new
attack
scenario
No
Fig. 2: Aliveness scanning through SmartAttacker
̵
Fig.1 : Flowchart of SmartAttacker
Route information is gathered through Tracert.
Conclusion & Future Work
•
•
•
We propose to develop an smart attack tool
exploiting artificial intelligence, which is yet to be
focused in the literature.
We have developed an Information Gathering
Module and currently developing an Intelligent
Attacker Module.
In future, we plan to explore how to combat with
such intelligent attacker module.
̵
Fig. 3: Route scanning through SmartAttacker
Port vulnerabilities are scanned through NMAP.
References
[1] P. Ramneek. “Bots & Botnet: An Overview”, SANS Institute.
Retrieved 12 November 2013.
[2] C.Y. Cho, D. Babic, R. Shin and D. Song. “Inference and Analysis of
Formal Models of Botnet Command and Control Protocols”, ACM
Conference on Computer and Communications Security, 2010.
[3] P. Wang. “Peer-to-Peer botnets”. In Stamp, Mark & Stavroulakis
Peter. “Handbook of Information and Communication Security”.
Springer, 2010.
Fig. 4: Port Vulnerability scanning through SmartAttacker
Department of Computer Science and Engineering (CSE), BUET